Suspected WazirX Hack Accomplice Arrested in India

  • Delhi Police have arrested a West Bengal resident for allegedly taking part in the hack of cryptocurrency exchange WazirX
  • SK Masud Alam is reported to have created a fraudulent account, which was sold and subsequently used in the breach
  • The cyberattack has resulted in significant financial losses for WazirX, estimated at approximately $230 million

Delhi Police have arrested a man from West Bengal in connection with the July hack on Indian cryptocurrency exchange WazirX. SK Masud Alam is accused of establishing a fake account, which was later sold and used to execute the breach, leading to substantial financial losses for the platform, estimated at around $230 million. Another individual, M Hasan, has been identified as the actual hacker, although there is no suggestion that he has been arrested.

Alam Sold Fake Account to Hacker

According to local news, the Special Cell of Delhi Police arrested Alam, from East Midnapore district in West Bengal, accusing him of creating a WazirX account under the fictitious name Souvik Mondal. This account was then sold via Telegram to Hasan, who purportedly used it to infiltrate WazirX’s systems and steal $230 million in BTC, ETH, USDT and USDC. The investigation, led by the Intelligence Fusion and Strategic Operations (IFSO) unit, has been focusing on the intricate network of crypto transactions involved in the breach.

The cyberattack has had a profound impact on WazirX, one of India’s leading cryptocurrency exchanges, with reports indicating that the breach resulted in the loss of nearly 45% of the company’s holding assets. The attackers drained WazirX’s hot wallet and attempted to access the cold wallet, but only partially succeeded.

Allegations of Non-Cooperation

The chargesheet also mentions the alleged non-cooperation of Liminal Custody, the digital asset custody solutions firm responsible for securing WazirX’s wallets, which played blame tennis with WazirX following the hack. The firm has been accused of not fully cooperating with the investigation, potentially hindering efforts to trace the stolen assets and identify other individuals involved in the cyberattack.

WazirX noted at the time that, despite robust security measures, there was “a mismatch between the information displayed on Liminal’s interface and what was actually signed,” which allowed the attackers to alter the transaction details and gain control of the wallet, leading to the breach.

WazirX also publicly blamed Binance, alleging that it might bear some responsibility for the hack, a claim that Binance labeled “outrageously misleading” and a “disappointing deflection tactic.”
